Practical Android Exploitation

Overview

There are more Android users than there are of any other mobile operating system worldwide. It is used not only in mobile devices but increasingly in infotainment, industrial, and enterprise products. "Practical Android Exploitation" is a course developed by Stephen A. Ridley (who also co-authored of "The Android Hacker's Handbook" by Wiley & Sons publishing) and Stephen C. Lawler (editor of "Practical Malware Analysis" and other books published by No Starch Press). "Practical Android Exploitation" is a comprehensive course aimed to teach all about Android software security and exploitation. Following the creation of their industry renown course ARMExploitation.com the creators of this course focused this new course on thoroughly exploring the inner-workings of the Android ecosystem and along the way teach participants how to reverse engineer and exploit software on Android. Participants will do it all: from decompiling applications, to writing their own shellcode FROM SCRATCH to exploit native code on Android systems. Jailbreaks, the history of public Android exploits, ARM exploitation, all will be covered in this intensive course.

Jail-breaks and how they work
Software exploitation (native and Dalvik) on Android
Analyze Mobile Malware
Perform hardware attacks on Mobile devices

Participants of "Practical Android Exploitation" will get hands on experience with the AndroidSDK/NDK and related toolchains and use that knowledge to write and analyze exploits on Android. This class is aimed to be an indispensable training for mobile developers, forensics investigators, software security professionals, and others. All participants of this course will also receive their own custom printed copy of "The Android Hacker's Handbook".

Student Requirements

What Students Should Bring

A laptop (running their favorite OS) capable of connecting to wired and wireless networks.

An installed valid VMWare

An installed copy of at least IDA Standard.

An SSH/Telnet client to access the hosted QEMU images and class hardware devices.

What Students Will Be Provided With

Custom printing of "The Android Hacker's Handbook"

100+ page coil bound lab manual

Access to the embedded systems (targets), and tools, that comprise the entire class environment

Undoubtedly some Xipiter swag and free hardware of some kind ;-)

Trainers

Stephen Lawler Research Fellow at Senrio Inc and is Founder and President of a small computer software and security consulting firm. Mr. Lawler has been actively working in information security for over 7 years, primarily in reverse engineering, malware analysis, and exploit development. While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies. Prior to this, as a founding member of the Security and Mission Assurance (SMA) division (of a major U.S. Defense contractor) he discovered numerous "0-day" vulnerabilities in COTS software and pioneered several exploitation techniques that have only been recently published. Prior to this work, Stephen Lawler was the lead developer for the AWESIM sonar simulator as part of the US Navy SMMTT program. Stephen is also the technical editor of "Practical Malware Analysis" and several other texts published by No Starch Press

Stephen A. Ridley is a principal researcher at Xipiter and chief architect at Senrio Inc (http://senr.io) . He has more than 10 years of experience in software development, software security, and reverse engineering. Prior to Xipiter, Mr. Ridley served as the Chief Information Security Officer of a financial services firm and prior to that was a Senior Researcher at Matasano. He also was Senior Security Architect at McAfee, and a founding member of the Security and Mission Assurance (SMA) group at a major U.S defense contractor where he did vulnerability research and reverse engineering in support of the U.S. intelligence community. He has spoken about reverse engineering and software security at Black Hat, ReCon, CanSecWest, EuSecWest, Syscan and other prominent information security conferences. Stephen is a co-author of "The Android Hacker's Handbook" published by Wiley & Sons.